最近 Nginx 漏洞 (CVE-2018-16843,CVE-2018-16844)需要升级nginx的版本到1.14.1 1.15.6,如下以Nginx-1.14.1编译为例 。
nginx-1.14.1编译安装
1、安装基本环境
# yum -y install gcc gcc-c++ autoconf automake make wget vim
# yum -y install openssl openssl-devel libxml2-devel libxslt-devel perl-devel perl-ExtUtils-Embed libtool zlib zlib-devel pcre pcre-devel patch
2、LuaJIT即采用C语言写的Lua的解释器的代码。
unzip luajit2-2.1-agentzh.zip && cd luajit2-2.1-agentzh
make install PREFIX=/usr/local/luajit
echo "/usr/local/luajit/lib" > /etc/ld.so.conf.d/usr_local_luajit_lib.conf
ldconfig
export LUAJIT_LIB=/usr/local/luajit/lib
export LUAJIT_INC=/usr/local/luajit/include/luajit-2.1
3、下载ngx_devel_kit并解压
https://github.com/simplresty/ngx_devel_kit
unzip ngx_devel_kit-master.zip
下载 set-misc-nginx-module模块
下载redis2-nginx-module模块
下载ngx-fancyindex模块
下载lua-upstream-nginx-module模块
4、下载ngx_lua并解压
wget
tar -zxvf v0.10.2.tar.gz && mv lua-nginx-module-0.10.2 lua-nginx-module
5、安装PCRE-8.42(Nginx的Rewrite功能)
# wget
# tar -zxvf pcre-8.42.tar.gz && cd pcre-8.42/ && ./configure && make && make install && cd ..
6、安装Zlib-1.2.11(Nginx的Gzip压缩功能)
# wget
# tar -zxvf zlib-1.2.11.tar.gz && cd zlib-1.2.11 && ./configure && make && make install && cd ..
7、安装OpenSSL-1.1.1(nginx第三方模块—nginx-sticky-module的使用)
# wget
# tar -zxvf openssl-1.1.1-pre8.tar.gz && cd openssl-1.1.1-pre8 && ./config && make && make install && cd ..
8、安装nginx-sticky-module
# wget
# tar -zxvf master.tar.gz && mv nginx-goodies-nginx-sticky-module-ng-08a395c66e42/ nginx-sticky-module/
9、安装nginx_upstream_check_module
# wget
下面是给要安装的nginx打上模块补丁的安装方法
下载nginx(略)
$ cd nginx-1.14.1/
$ patch -p1 < /path/to/nginx_http_upstream_check_module/check.patch
注:因nginx版本更新,1.14以上版本的nginx,补丁为check_1.14.0+.patch
$patch -p1 < /usr/local/src/nginx_upstream_check_module-master/check_1.14.0+.patch
$ ./configure –add-module=/path/to/nginx_upstream_check_module-master
10、安装nginx
# wget
# tar -zxvf nginx-1.14.1.tar.gz
# cd nginx-1.14.1
./configure \
--prefix=/apps/nginx \
--user=www \
--group=www \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_random_index_module \
--with-http_degradation_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_gunzip_module \
--with-http_perl_module \
--add-module=../nginx-sticky-module \
--with-pcre=../pcre-8.42 \
--with-zlib=/usr/local/src/zlib-1.2.11 \
--with-openssl=../openssl-1.1.1-pre8 \
--with-debug \
--with-file-aio \
--with-stream \
--with-stream_ssl_module \
--with-http_auth_request_module \
--with-mail \
--with-mail_ssl_module \
--with-pcre-jit \
--with-ld-opt=-ljemalloc \
--with-ld-opt=-Wl,-rpath,/usr/local/luajit/lib \
--add-module=../lua-nginx-module-master \
--add-module=../lua-upstream-nginx-module-master \
--add-module=../redis2-nginx-module \
--add-module=../ngx_devel_kit-master \
--add-module=../set-misc-nginx-module-master \
--add-module=../ngx-fancyindex-master \
--add-module=../nginx_upstream_check_module-master
# make -j2
# make install
启动方式
#/usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/apps/nginx/sbin/nginx -s reload
ExecStop=/apps/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
# systemct start nginx.service
完成 !
---------------------
作者:weixin_33832340
来源:CSDN
原文:https://blog.csdn.net/weixin_33832340/article/details/87528280
版权声明:本文为博主原创文章,转载请附上博文链接!
阅读(2141) | 评论(0) | 转发(0) |